Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible Security Vulnerability #78

Open
god-s-perfect-idiot opened this issue Jun 29, 2022 · 2 comments
Open

Possible Security Vulnerability #78

god-s-perfect-idiot opened this issue Jun 29, 2022 · 2 comments

Comments

@god-s-perfect-idiot
Copy link

In O-auth login route, I could see that the Mongo DB was checked against a user name existing in the DB as returned from Google Servers. Does this not allow any user to create an email ID with the same name as an existing user and gain access into their accounts? Would email be a better parameter to check against?
@dan-online
Copy link
Member

Hey @god-s-perfect-idiot, this project is not being updated any further at the moment sadly. I myself am working on a replacement in typescript and graphql with a lot more security but I won't be looking into fixing this issue. If you would like you could make a pull request which I would be happy to look over :)

@amadeus-torwell
Copy link

amadeus-torwell commented Jul 18, 2022
edited
Loading

Is the new project / replacement already checked in somewhere so that others can contribute to it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@amadeus-torwell @god-s-perfect-idiot @dan-online